[SD2-43466] added a way to add api_tokens to a company #22

Merged
Abduboriy1 merged 1 commit into SD2-43399 from SD2-43466
Jun 18, 2025

Abduboriy1 (Contributor) commented Jun 18, 2025

CodeAnt-AI Description

  • Added full backend and frontend support for associating API tokens with companies, including creation, validation (via external API), and deletion.
  • Introduced new API endpoints and Eloquent model for company API tokens, with migration, factory, and seeder scaffolding.
  • Created Vue components for managing and deleting company API tokens, and integrated them into the company admin edit page.
  • Added composables for API token mutations and updated backend services to support dynamic API key validation.
  • Enhanced model documentation with PHPDoc annotations for improved IDE support.
  • Minor bug fixes in existing company form component and improved eager loading of relationships.

This PR introduces a robust system for managing API tokens at the company level, including validation against an external service, UI for admins to add or remove tokens, and all necessary backend infrastructure. It also improves code documentation and fixes minor issues in related components.


Changes walkthrough

Relevant files

Enhancement (19 files)

CompanyApiTokenController.php (+79/-0)
Add CompanyApiToken API controller with CRUD endpoints and validation
app/Http/Controllers/Api/CompanyApiTokenController.php

  • Introduced a new API controller for managing company API tokens.
  • Added endpoints for listing, creating, and deleting company API tokens.
  • Implemented validation and external API token verification logic.

CompanyApiToken.php (+53/-0)
Add CompanyApiToken Eloquent model with relationships and docs
app/Models/CompanyApiToken.php

  • Created a new Eloquent model for CompanyApiToken.
  • Defined fillable fields and relationship to Company.
  • Added PHPDoc annotations for properties and methods.

2025_06_17_152243_create_company_api_tokens_table.php (+32/-0)
Add migration for company_api_tokens table
database/migrations/2025_06_17_152243_create_company_api_tokens_table.php

  • Added migration to create company_api_tokens table.
  • Defined schema with foreign key to companies, token, and validity flag.

CompanyAuthForm.vue (+187/-0)
Add CompanyAuthForm Vue component for API token management
resources/js/components/feature/company/CompanyAuthForm.vue

  • Added a new Vue component for managing company API tokens.
  • Supports viewing, adding, and validating API tokens for a company.
  • Integrates with backend via mutations and displays status.

CompanyApiTokenDeleteDialog.vue (+107/-0)
Add CompanyApiTokenDeleteDialog Vue component for token deletion
resources/js/components/feature/company/CompanyApiTokenDeleteDialog.vue

  • Added a dialog component for deleting a company's API token.
  • Provides confirmation UI and integrates with mutation for deletion.

useCompanyApiTokenMutation.js (+22/-0)
Add mutation composable for creating company API tokens
resources/js/composables/mutations/company/useCompanyApiTokenMutation.js

  • Added a Vue Query mutation for creating a company API token.
  • Handles API call and integrates with form submission.

useCompanyApiTokenDestroyMutation.js (+17/-0)
Add mutation composable for deleting company API tokens
resources/js/composables/mutations/company/useCompanyApiTokenDestroyMutation.js

  • Added a Vue Query mutation for deleting a company API token.
  • Handles API call for token deletion.

index.js (+2/-0)
Export API token mutation composables in company mutations index
resources/js/composables/mutations/company/index.js

  • Exported new mutation composables for API token creation and deletion.

PipelineApiAccessorialsList.php (+28/-0)
Add PipelineApiAccessorialsList service for API token validation
app/Services/Pipeline/PipelineApiAccessorialsList.php

  • Added a service class to validate API tokens via external API.
  • Implements method to check token validity by making a GET request.

PipelineApiBaseService.php (+2/-2)
Allow API key override in PipelineApiBaseService constructor
app/Services/Pipeline/PipelineApiBaseService.php

  • Modified constructor to accept an optional API key override.
  • Allows dynamic API token usage for external requests.

UpdateCompanyApiTokenRequest.php (+29/-0)
Add UpdateCompanyApiTokenRequest for API token validation
app/Http/Requests/UpdateCompanyApiTokenRequest.php

  • Added a form request for validating company API token updates.
  • Requires api_token field as a string.

StoreCompanyApiTokenRequest.php (+28/-0)
Add StoreCompanyApiTokenRequest placeholder
app/Http/Requests/StoreCompanyApiTokenRequest.php

  • Added a placeholder form request for storing company API tokens.

CompanyApiTokenFactory.php (+23/-0)
Add factory for CompanyApiToken model
database/factories/CompanyApiTokenFactory.php

  • Added a factory for the CompanyApiToken model.
  • Currently contains a placeholder definition.

CompanyApiTokenSeeder.php (+17/-0)
Add seeder for CompanyApiToken
database/seeders/CompanyApiTokenSeeder.php

  • Added a seeder class for CompanyApiToken.
  • Currently contains a placeholder run method.

Company.php (+56/-1)
Add apiToken relationship and docs to Company model
app/Models/Company.php

  • Added apiToken relationship to Company model.
  • Updated PHPDoc annotations for new relationship.

CompanyController.php (+2/-1)
Eager load apiToken in CompanyController show method
app/Http/Controllers/Api/CompanyController.php

  • Modified show method to eager load apiToken relationship.

api.php (+3/-0)
Register companyApiTokens API resource routes
routes/api.php

  • Registered new API resource routes for companyApiTokens.

Edit.vue (+2/-0)
Integrate CompanyAuthForm into company admin edit page
resources/js/pages/admin/company/Edit.vue

  • Integrated CompanyAuthForm component into the company edit page.
  • Displays API token management UI for companies.

web.php (+1/-1)
Eager load apiToken in company web route
routes/web.php

  • Eager loaded apiToken relationship when showing a company in web routes.

Documentation (6 files)

User.php (+39/-0)
Add PHPDoc annotations to User model
app/Models/User.php

  • Added PHPDoc annotations for User model properties and methods.

Image.php (+26/-0)
Add PHPDoc annotations to Image model
app/Models/Image.php

  • Added PHPDoc annotations for Image model properties and methods.

Theme.php (+27/-0)
Add PHPDoc annotations to Theme model
app/Models/Theme.php

  • Added PHPDoc annotations for Theme model properties and methods.

BackgroundImage.php (+25/-0)
Add PHPDoc annotations to BackgroundImage model
app/Models/BackgroundImage.php

  • Added PHPDoc annotations for BackgroundImage model properties and methods.

ImageType.php (+21/-0)
Add PHPDoc annotations to ImageType model
app/Models/ImageType.php

  • Added PHPDoc annotations for ImageType model properties and methods.

Log.php (+20/-0)
Add PHPDoc annotations to Log model
app/Models/Log.php

  • Added PHPDoc annotations for Log model properties and methods.

Bug fix (1 file)

CompanyForm.vue (+3/-3)
Minor fixes in CompanyForm component
resources/js/components/feature/company/CompanyForm.vue

  • Fixed typo in form ID attribute.
  • Removed unnecessary await from toast calls.
codeant-ai bot commented Jun 18, 2025

CodeAnt AI is reviewing your PR.

codeant-ai bot added the size:XXL label (This PR changes 1000+ lines, ignoring generated files) Jun 18, 2025

codeant-ai bot commented Jun 18, 2025

Pull Request Feedback 🔍

🔒 Security concerns

Sensitive information exposure:
The new API endpoint index() in CompanyApiTokenController returns all API tokens without authentication or filtering, which could leak sensitive tokens to unauthorized users.

⚡ Recommended areas for review

Undefined Variable
isDeleting is referenced in the template but never defined. The button disable state should use the mutation's loading state (e.g., isLoading) or map it correctly.

Mutation Error Handling
The onError callback is provided at the top level of the hook options instead of inside the config object, so errors may not be caught. It should be nested under config alongside onSuccess.

Default-value Binding
Using default-value on the Input only sets the initial value and will not update when the token changes. Use :value binding to keep the display in sync.

Excessive Logging
A console.log inside the watch callback logs the entire company object on every change, which may expose sensitive data and clutter the console. Consider removing or restricting it.

Data Exposure
The index() method returns all company API tokens without filtering by company or enforcing authorization, potentially exposing sensitive tokens.

Repository Bloat
An auto-generated IDE helper file with 20k+ lines has been committed, significantly bloating the repository. It should be excluded via .gitignore or removed.

Missing Import
The Company model defines an apiToken relation using CompanyApiToken but the class is not imported, leading to a potential class not found error.

Invalid Migration
The migration calls $table->uuid() without a column name, which is invalid. It should specify a column name, e.g. $table->uuid('uuid');.

Missing Validation
StoreCompanyApiTokenRequest has empty rules(), so payload keys like company_id and api_token are not validated, risking data integrity issues.

Console Log Leftover
A console.log statement remains in production code, which could leak sensitive data and clutter logs.

Header Key Inconsistency
The header uses camelCase apiKey, which may not be recognized by the API. Ensure it matches the expected header name (e.g. Api-Key).
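
A hardened read path for the index() exposure flagged above, as an added example that is not the code merged in this PR: it scopes the lookup to one company, authorizes the caller, and never serializes the token itself. The nested route, the CompanyPolicy "update" ability, apiToken being a single-row relation, and the is_valid column name are assumptions; apiToken, api_token and uuid come from the page.

```php
<?php
// Added example (hypothetical), not the controller merged in this PR.

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\Company;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Gate;

class CompanyApiTokenController extends Controller
{
    /**
     * Assumed route, registered inside the auth middleware group:
     *   Route::get('companies/{company}/api-token', [CompanyApiTokenController::class, 'index']);
     * Route-model binding returns 404 for an unknown company.
     */
    public function index(Company $company): JsonResponse
    {
        // Assumption: CompanyPolicy::update() decides who may manage this company.
        // Gate::authorize() throws AuthorizationException (HTTP 403) on denial.
        Gate::authorize('update', $company);

        // Only this company's token is loaded; there is no "all tokens" query.
        $token = $company->apiToken;

        if ($token === null) {
            return response()->json(['data' => null]);
        }

        // Explicit allow-list: the secret never leaves the server, only a
        // short hint so an admin can tell which token is configured.
        return response()->json([
            'data' => [
                'uuid'       => $token->uuid,
                'is_valid'   => (bool) $token->is_valid, // assumed column name
                'token_hint' => self::hint($token->api_token),
            ],
        ]);
    }

    /** Last four characters, or nothing for tokens too short to hint safely. */
    private static function hint(string $secret): string
    {
        return strlen($secret) >= 16 ? '…' . substr($secret, -4) : '';
    }
}
```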

    */
    public function store(UpdateCompanyApiTokenRequest $request): JsonResponse
    {
    $company = Company::whereId($request->input('company_id'))->with('apiToken')->first();

Suggestion: Use findOrFail when retrieving the company to automatically return a 404 if not found and avoid null dereference. [best practice]

Suggested change
    $company = Company::whereId($request->input('company_id'))->with('apiToken')->first();
    $company = Company::with('apiToken')->findOrFail($request->input('company_id'));
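
Review bot: store() reads company_id straight from $request->input('company_id') while type-hinting UpdateCompanyApiTokenRequest, which per the walkthrough only requires api_token as a string, so company_id is neither validated nor tied to the caller. Add a company_id rule (required, exists:companies,id) to the form request and an authorization check that the authenticated user may manage that company before a token is attached; findOrFail only covers the null case.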

    {
    Schema::create('company_api_tokens', function (Blueprint $table) {
    $table->id();
    $table->uuid();

Suggestion: Provide a name for the UUID column, e.g. uuid('uuid'). [possible bug]

Suggested change
    $table->uuid();
    $table->uuid('uuid');

    Schema::create('company_api_tokens', function (Blueprint $table) {
    $table->id();
    $table->uuid();
    $table->foreignIdFor(Company::class);

Suggestion: Add a foreign key constraint with cascade delete for company_id. [best practice]

Suggested change
    $table->foreignIdFor(Company::class);
    $table->foreignIdFor(Company::class)->constrained()->cascadeOnDelete();

    $table->id();
    $table->uuid();
    $table->foreignIdFor(Company::class);
    $table->string('api_token');

Suggestion: Add a unique index on api_token to prevent duplicate tokens. [enhancement]

Suggested change
    $table->string('api_token');
    $table->string('api_token')->unique();
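
Review bot: the api_token column in $table->string('api_token') holds the external service's credential in plaintext, so any database or backup read exposes a usable key. Store it through an encrypted cast on the CompanyApiToken model and widen the column to text to fit the ciphertext; if the unique() index from the suggestion above is also wanted, put it on a separate hash of the token, because Laravel's encryption produces a different ciphertext for the same value each time and a unique index on it would never match.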

codeant-ai bot commented Jun 18, 2025

CodeAnt AI finished reviewing your PR.

Abduboriy1 (Contributor, Author) left a comment

Nice work!

Abduboriy1 merged commit 946b92b into SD2-43399 Jun 18, 2025